Advancements in hardware and software capabilities of servers and computing devices alike have led to increasingly sophisticated web pages, application interfaces, and other electronic documents. Some web pages, for instance, integrate content from multiple sources to provide a comprehensive user experience. By way of example, a web page may include a top-level document that provides primary content for the web page and one or more iFrames that embed other content in the top-level document. In some cases, embedded documents are obtained from a different domain than a domain from which their top-level document was obtained, and thus are said to have different origins.
Documents from different origins can pose a security threat to computing systems. For example, a document from a first origin may carry malicious programs that are designed to compromise a document from a second origin, e.g., by injecting further malicious code in the other document, by inspecting or making unauthorized changes to a document object model (DOM) of the other document, scraping personal information from the other document, or monitoring user interactions with the other document. As such, web browsers and other applications that commonly execute documents from different origins have implemented same-origin policies that restrict many forms of cross-origin document interaction. For instance, a browser may prevent a web page from a first domain that is displayed in a first window from accessing data associated with another web page from a second domain that is displayed in a second window. Same-origin policies have been developed to protect the integrity and confidentiality of data from different sources.